svn commit: r452934 - head/security/vuxml

Bradley T. Hughes bhughes at FreeBSD.org
Thu Oct 26 18:09:12 UTC 2017 

Author: bhughes
Date: Thu Oct 26 18:09:10 2017
New Revision: 452934
URL: https://svnweb.freebsd.org/changeset/ports/452934

Log:
  security/vuxml: add node.js remote DoS vulnerability announced 2017-10-24
  
  Reviewed by:	swills
  Approved by:	swills (ports-secteam)
  Security:	d7d1cc94-b971-11e7-af3a-f1035dd0da62
  Differential Revision:	https://reviews.freebsd.org/D12788

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Oct 26 18:07:58 2017	(r452933)
+++ head/security/vuxml/vuln.xml	Thu Oct 26 18:09:10 2017	(r452934)
@@ -58,6 +58,40 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="d7d1cc94-b971-11e7-af3a-f1035dd0da62">
+    <topic>Node.js -- remote DOS security vulnerability</topic>
+    <affects>
+      <package>
+	<name>node</name>
+	<range><lt>8.8.0</lt></range>
+      </package>
+      <package>
+	<name>node6</name>
+	<range><ge>6.10.2</ge><lt>6.11.5</lt></range>
+      </package>
+      <package>
+	<name>node4</name>
+	<range><ge>4.8.2</ge><lt>4.8.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Node.js reports:</p>
+	<blockquote cite="https://nodejs.org/en/blog/vulnerability/oct-2017-dos/">
+	  <p>Node.js was susceptible to a remote DoS attack due to a change that came in as part of zlib v1.2.9. In zlib v1.2.9 8 became an invalid value for the windowBits parameter and Node's zlib module will crash or throw an exception (depending on the version)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://nodejs.org/en/blog/vulnerability/oct-2017-dos/</url>
+      <cvename>CVE-2017-14919</cvename>
+    </references>
+    <dates>
+      <discovery>2017-10-17</discovery>
+      <entry>2017-10-25</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="418c172b-b96f-11e7-b627-d43d7e971a1b">
     <topic>GitLab -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list